Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Certification+: The Most Comprehensive Compliance Solution


Published on

PYA Principal Pete Pearson along with Glen Stout and Matt Froning from SCA and Chris Gulotta from Real Estate Data Shield presented “Certification+ The Most Comprehensive Compliance Solution” during a webinar for leaders within the Fidelity National Title Group, April 28, 2016.
The presentation explored:
• Market drivers related to the title industry and lender vendor programs
• Profiles of the Certification+ team
• Benefits to title agents who pursue Certification+
• Frequently asked questions

Published in: Business
  • Be the first to comment

  • Be the first to like this

Certification+: The Most Comprehensive Compliance Solution

  1. 1. 1 The Most Comprehensive Compliance Solution
  2. 2. 2
  3. 3. 3 Agenda • Partner Introductions • Market Drivers • Certification+ Partnership • Agent Benefits • What the partners do • FAQs
  4. 4. 4 Market Drivers • Self-assessments no longer acceptable • Lenders requiring 3-party certification • 4.1.16 Equity Mortgage Bankers • 3.24.16 Delta Community CU • Cyber Security is No. 1 Concern for the industry • Employees responsible for nearly 40% of all breaches • Key lender regulators (CFPB, OCC, FDIC) published bulletins on third-party risk management
  5. 5. 5 The Partnership Who we are: – PYA, Real Estate Data Shield, Security Compliance Associates – ALTA Elite Providers – FNTG preferred vendors – Best-in-Class Solutions Providers
  6. 6. 6 What is Certification+? • Comprehensive compliance package for title agents, settlement agents, RE attorneys, escrow companies, notaries etc. • Unique bundled services: • IT security assessments (including Cyber Security) • GLBA Compliance • Certification of all ALTA Best Practice 7 pillars • Employee Training
  7. 7. 7 What is Certification+? We are a team of experienced professionals dedicated to assisting our industry partners with meeting compliance challenges. Our executive team includes: – A former national title underwriter executive with 35+ years of industry experience – A state insurance department regulator – A former title agent and current settlement firm principal with 25+ years of title and settlement experience – A CISSP (Certified Information Systems Security Professional) and IT security specialist with more than 21 years supporting the US Air Force as Chief of Computer Investigations and Operations with computer criminal, counterintelligence and counter espionage experience – A CIPP (Certified Information Privacy Professional)
  8. 8. 8 • Affordable to both small and large agents • Single point-of-contact • Certification of all 7 pillars • Gramm-Leach-Bliley Act (GLBA) Compliance – IT and Cyber Security assessments • World-Class employee compliance training Agent
  9. 9. 9
  10. 10. 10 Compliance Management Platform™ CEO and founder of Real Estate Data Shield and The Gulotta Law Group, Chris has represented institutional lenders in mortgage finance transactions for over 25 years. He has developed compliance management platforms and Data Security Compliance tools for mortgage lenders, title underwriters, independent title and settlement agents, notaries and attorneys. Chris is a Certified Information Privacy Professional and sits on ALTA’s Best Practice Task Force. Christopher J. Gulotta, Founder & CEO, Esq., CIPP Paul Schwartz, Chief Privacy Advisor Richard Purcell, Courseware Developer An international expert on information privacy law, Professor Schwartz assists corporations and law firms with regulatory, policy, and governance issues. As professor of law at UC Berkeley and Director of the Berkeley Center for Law and Technology, he has published widely on privacy and data security topics. A leading voice in consumer privacy and data protection challenges, Mr. Purcell is an award-winning developer of Web-based education and training courses. As Microsoft's original Privacy Officer, he designed and implemented one of the world's largest and most advanced privacy programs.
  11. 11. 11 REDS 2.0 REDS 2.0 Includes: – E-Commerce Website: Our new e-commerce website allows clients to purchase our products and register employees directly through our website with ease. This new web interface allows for east setup, onboarding and management of users – Updated Staff Training Courseware: Our award-winning courseware has been updated and includes two (2) NEW learning modules – Policies & Procedure Templates and Security Self-Assessment Tool: Information Security policies & procedure templates and a company self- assessment tool for companies to jump-start the compliance process.
  12. 12. 12 Additional REDS 2.0 Features: – Client “Administrator” functionality allows for easy tracking of employee progress through a 2.0 dashboard. – The new modules include our Compliance Coach Avatar “CC”, who will guide employees through the courseware and learning process. – The new “Preamble Module” educates employees and increases their awareness of the need to safeguard NPPI and how to help implement Cyber Security in the office. Designed to change corporate culture and staff behavior. – The new “Summary Module” bolsters the educational content in REDS 1.0 with a deeper dive into information security and the Privacy Smart® best practices. – REDS 1.0 and REDS 2.0 were exclusively developed for the Title and Settlement industry by, (i) Christopher Gulotta, Esq., a national recognized subject matter expert in title, settlement & Information Security Compliance with a CIPP designation; (ii) Richard Purcell, Microsoft’s First Privacy Officer; and (iii) Professor Paul Schwartz, of Berkeley Law School.
  13. 13. 13 Compliance Management Platform • Compliance is the New Marketing – Enhance your marketability by becoming a Cyber Secure environment – Position your company to thrive in the new regulatory and contractual landscape and “comply to survive” with the increasing regulatory standards – Train your staff in privacy and security requirements & safeguards to better protect your non-public personal information and escrow funds with our award-winning Data Security Awareness Courseware – Demonstrate internal controls that comply with federal and state consumer privacy and security laws, rules, and regulations using our Information Management Compliance Manual with guidelines, procedures and policy templates – Assess your overall compliance with an assessment of vulnerabilities to reveal gaps and pinpoint critical areas for remediation • Compliance Management Platform™ – Prepare your company for lender compliance audits and contractual scrutiny – Privacy and security law and regulations require it and regulators enforce it – Lenders will contractually mandate it in the Post-TRID environment
  14. 14. 14 Compliance Management Platform Components • Threats and Vulnerabilities • Controls and Safeguards • Information Management Governance • Security Infrastructure – Physical and Technical • Employee Awareness Risk Self-Assessment • Consumer Privacy • Employee Data Protection • Acceptable Use of Company Resources – Employees • Information Security • Information Management – Third Parties • Security Breach Management Policies & Procedures • Information Management for Real Estate Settlement Services Companies (title, settlement, attorneys, notaries, escrow companies, etc.) Staff Training 2.0
  15. 15. 15 Admin Home
  16. 16. 16 Online Training
  17. 17. 17 Preamble Module
  18. 18. 18 Summary Module
  19. 19. 19 Admin Dashboard
  20. 20. 20 Policies & Procedures
  21. 21. 21 Risk Self-Assessment
  22. 22. 22 Compliance Management Platform™ • Information Drives the Digital Economy – Advanced technologies have created efficiencies – Regulators are focusing on how transitions to digital information management require oversight of critical financial services – Major players are turning scrutiny toward service providers to protect their interests • Compliance As a Required Competency – Comprehensive information management programs with documented policies and procedures – Regular risk assessment evaluation to detect and correct vulnerabilities – Company-wide awareness and training communications • Real Estate Data Shield’s Compliance Management Platform™ – Guidance and templates for a comprehensive program, fully documented – Self-assessments for adherence to regulatory and best practices standards – Award-winning web-based training supported by robust reporting You can only manage what you can measure
  23. 23. 23 Christopher J. Gulotta, Esq., CIPP Founder & CEO Real Estate Data Shield, Inc. (212-951-7302 * For Marketing & Sales Inquiries: Maria Meyers Director of Marketing & Sales ( 212-951-7302 *
  24. 24. 24
  25. 25. 25 Who is Pershing Yoakley & Associates, P.C.?
  26. 26. 26 Complimentary tools for Fidelity agents • Gap Analysis: evaluation of policies and procedures • Readiness Tool: Short questionnaire by pillar to gauge compliance Tools for Agents
  27. 27. 27 Menu of Engagement Types As a public accounting firm, PYA can work along with SCA and REDS to provide higher levels of assurance such as SOC 2 or examinations, if necessary.
  28. 28. 28
  29. 29. 29 Matthew Froning Chief Information Officer Security Compliance Associates, Inc. * (727) 571-1141 Security Compliance Associates, LLC © 2016
  30. 30. 30 SCA Background • Founded in 2000 • Tampa’s 30th Fastest Growing Co - 2013 • Over 3,000 Assessment Assignments Completed • Three Verticals – Coast to Coast – Title & Settlement – Financial Institutions (Credit Unions, Banks, Investment Firms – Healthcare • 35% Growth Since 2009 • 20 Team Members and Growing • ALTA Elite Provider
  31. 31. 31 Engineer Certifications • CISSP – Certified Information Systems Security Professional • CISA – Certified Information Systems Auditor • ISSMP – Information Systems Security Management Professional • ISSAP – Information Systems Security Architecture Professional • CEH – Certified Ethical Hacker • CPT – Certified Penetration Tester
  32. 32. 32 Our Services • External & Internal Vulnerability Assessment • External & Internal Vulnerability Scans • ALTA Best Practices Pillar 3 Certification – Protection of NPPI • GLBA Gap Analysis • Cybersecurity Gap Analysis
  33. 33. 33 Our Services • IT Risk Assessments • InfoSec Controls Review • Social Engineering • Physical Security Review • Network Architecture Review • DoS Assessment
  34. 34. 34 SCA Reports
  35. 35. 35 SCA Reports
  36. 36. 36 FNTG Agent Benefits • Legal Compliance as a Financial Institution • Uncover vulnerabilities • Become Cyber Secure • Mitigate risks • Access to IT Security expertise • We help agents sleep at night
  37. 37. 37 FAQ’s • What is the difference between a certification, an examination, a SOC 1, or a SOC 2? • What is the cost? • My agents’ lenders have not requested a third- party certification yet so why do I need Certification+?
  38. 38. 38 FAQ’s • What if my lender requests a higher level of certification after I have completed a Certification+ engagement? • How do agents initiate the process? • How do all three companies coordinate the engagement behind the scenes?
  39. 39. 39 FAQ’s • Where can I send agents for additional information? • What is involved in a GLBA assessment? • What are common IT security remediation items, and how does SCA assist?
  40. 40. 40 Questions?